Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 0cf8f634 by security tracker role at 2018-02-16T21:10:15+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== --- a/data/CVE/list +++ b/data/CVE/list @@ -1,4 +1,24 @@ -CVE-2018-7186 [stack buffer overflows] +CVE-2018-7190 + RESERVED +CVE-2018-7189 + RESERVED +CVE-2018-7188 (An XSS vulnerability (via an SVG image) in Tiki before 18 allows an ...) + TODO: check +CVE-2018-7187 (The "go get" implementation in Go 1.9.4, when the -insecure ...) + TODO: check +CVE-2018-7185 + RESERVED +CVE-2018-7184 + RESERVED +CVE-2018-7183 + RESERVED +CVE-2018-7182 + RESERVED +CVE-2018-7181 + RESERVED +CVE-2017-18190 (A localhost.localdomain whitelist entry in valid_host() in ...) + TODO: check +CVE-2018-7186 (Leptonica before 1.75.3 does not limit the number of characters in a %s ...) - leptonlib <unfixed> (bug #890548) NOTE: https://github.com/DanBloomberg/leptonica/commit/ee301cb2029db8a6289c5295daa42bba7715e99a CVE-2018-7180 @@ -9,7 +29,7 @@ CVE-2018-7178 RESERVED CVE-2018-7177 RESERVED -CVE-2018-7176 (FrontAccounting 2.4.3 suffers from a CSRF flaw, which leads to adding a user account via admin/users.php...) +CVE-2018-7176 (FrontAccounting 2.4.3 suffers from a CSRF flaw, which leads to adding a ...) - frontaccounting <removed> (bug #890604) [wheezy] - frontaccounting <end-of-life> (unsupported in wheezy, already vulnerable to SQL injection in CVE-2014-3973) NOTE: https://securitywarrior9.blogspot.ca/2018/02/cross-site-request-forgery-front.html 
@@ -529,10 +549,10 @@ CVE-2018-6946 RESERVED CVE-2018-6945 RESERVED -CVE-2018-6944 - RESERVED -CVE-2018-6943 - RESERVED +CVE-2018-6944 (core/lib/upload/um-file-upload.php in the UltimateMember plugin 2.0 for ...) + TODO: check +CVE-2018-6943 (core/lib/upload/um-image-upload.php in the UltimateMember plugin 2.0 ...) + TODO: check CVE-2018-6942 (An issue was discovered in FreeType 2 through 2.9. A NULL pointer ...) - freetype <unfixed> (bug #890450) [stretch] - freetype <not-affected> (Vulnerable code introduced later) @@ -571,11 +591,11 @@ CVE-2018-6929 CVE-2018-6928 (PHP Scripts Mall News Website Script 2.0.4 has SQL Injection via a ...) NOT-FOR-US: PHP Scripts Mall News Website Script CVE-2018-1000066 - RESERVED + REJECTED CVE-2018-1000065 - RESERVED + REJECTED CVE-2018-1000064 - RESERVED + REJECTED CVE-2017-18186 (An issue was discovered in QPDF before 7.0.0. There is an infinite loop ...) - qpdf 7.0.0-1 [stretch] - qpdf <no-dsa> (Minor issue) @@ -646,7 +666,7 @@ CVE-2018-6915 CVE-2018-6914 RESERVED CVE-2018-1000063 - RESERVED + REJECTED CVE-2017-18179 (Progress Sitefinity 9.1 uses wrap_access_token as a non-expiring ...) NOT-FOR-US: Progress Sitefinity CVE-2017-18178 (Authenticate/SWT in Progress Sitefinity 9.1 has an open redirect issue ...) @@ -943,6 +963,7 @@ CVE-2018-6793 CVE-2018-6792 (Multiple SQL injection vulnerabilities in Saifor CVMS HUB 1.3.1 allow ...) NOT-FOR-US: Saifor CVMS HUB CVE-2018-6791 (An issue was discovered in soliduiserver/deviceserviceaction.cpp in KDE ...) + {DSA-4116-1} - plasma-workspace 4:5.12.0-2 - kde-runtime <not-affected> (Performs correct escaping) NOTE: https://bugs.kde.org/show_bug.cgi?id=389815 
@@ -1922,12 +1943,12 @@ CVE-2017-18093 RESERVED CVE-2017-18092 RESERVED -CVE-2017-18091 - RESERVED -CVE-2017-18090 - RESERVED -CVE-2017-18089 - RESERVED +CVE-2017-18091 (The admin backupprogress action in Atlassian Fisheye and Crucible ...) + TODO: check +CVE-2017-18090 (Various resources in Atlassian Fisheye before version 4.5.1 (the fixed ...) + TODO: check +CVE-2017-18089 (The view review history resource in Atlassian Crucible before version ...) + TODO: check CVE-2017-18088 (Various plugin servlet resources in Atlassian Bitbucket Server before ...) NOT-FOR-US: Atlassian Bitbucket Server CVE-2017-18087 (The download commit resource in Atlassian Bitbucket Server from ...) @@ -18039,10 +18060,10 @@ CVE-2018-0518 RESERVED CVE-2018-0517 (Untrusted search path vulnerability in Anshin net security for Windows ...) NOT-FOR-US: Anshin net security for Windows -CVE-2018-0516 - RESERVED -CVE-2018-0515 - RESERVED +CVE-2018-0516 (Untrusted search path vulnerability in FLET'S v4 / v6 address ...) + TODO: check +CVE-2018-0515 (Untrusted search path vulnerability in "FLET'S Azukeru Backup Tool" ...) + TODO: check CVE-2018-0514 (MP Form Mail CGI eCommerce Edition Ver 2.0.13 and earlier allows ...) NOT-FOR-US: MP Form Mail CGI eCommerce Edition CVE-2018-0513 (Cross-site scripting vulnerability in MTS Simple Booking C, MTS Simple ...) @@ -64393,7 +64414,7 @@ CVE-2017-2254 (Cybozu Garoon 3.5.0 to 4.2.5 allows an attacker to cause a denial NOT-FOR-US: Cybozu CVE-2017-2253 (Untrusted search path vulnerability in Installer of Yahoo! Toolbar ...) NOT-FOR-US: Installer of Yahoo! Toolbar (for Internet explorer) -CVE-2017-2252 (Untrusted search path vulnerability in Self-extracting archive files ...) +CVE-2017-2252 (Untrusted search path vulnerability in self-extracting archive files ...) NOT-FOR-US: File Compact CVE-2017-2251 RESERVED 
@@ -67091,7 +67112,7 @@ CVE-2017-0916 [Critical Vulnerability with Command Injection via Webhooks] RESERVED - gitlab <unfixed> (bug #888508) NOTE: https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/ - NOTE: https://gitlab.com/gitlab-org/gitlab-ce/commit/7fc0a6fc096768a5604d6dd24d7d952e53300c82 + NOTE: https://gitlab.com/gitlab-org/gitlab-ce/commit/7fc0a6fc096768a5604d6dd24d7d952e53300c82 CVE-2017-0915 [Remote Code Execution Vulnerability in GitLab Projects Import] RESERVED - gitlab <unfixed> (bug #888508) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/0cf8f63449884d389524c8c870ef76e076878105 --- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/0cf8f63449884d389524c8c870ef76e076878105 You're receiving this email because of your account on salsa.debian.org.
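Review bot: in hunk @@ -1,4 +1,24 @@, the eight new entries marked "TODO: check" still need manual triage before the next sync; the one that most clearly touches software in the archive is CVE-2018-7187, which names the "go get" implementation in Go 1.9.4 with -insecure, so it should be resolved against the Go toolchain source packages rather than left at TODO alongside the web-application issues (CVE-2018-7188 Tiki XSS, CVE-2017-18190 valid_host() whitelist). The same hunk correctly replaces the interim "[stack buffer overflows]" placeholder on CVE-2018-7186 with the published description while keeping the existing "leptonlib <unfixed> (bug #890548)" line and its upstream commit NOTE intact.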
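Review bot: in hunks @@ -571,11 +591,11 @@ and @@ -646,7 +666,7 @@, CVE-2018-1000066, CVE-2018-1000065, CVE-2018-1000064 and CVE-2018-1000063 move from RESERVED to REJECTED with no package lines attached, which is the expected shape for a rejected ID; the only follow-up is to confirm none of these identifiers is referenced elsewhere in the tracker (e.g. as a cross-reference in another entry's NOTE), since a rejected ID should not be used to describe a real issue.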
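Review bot: in hunk @@ -943,6 +963,7 @@, the added "{DSA-4116-1}" annotation on CVE-2018-6791 links the plasma-workspace 4:5.12.0-2 fix to an advisory, but the commit header lists data/CVE/list as the only changed file; confirm that data/DSA/list already carries a DSA-4116-1 entry for plasma-workspace, otherwise the cross-reference will dangle. The retained "kde-runtime <not-affected> (Performs correct escaping)" line gives a concrete reason, which is the right way to record a not-affected verdict.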
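Review bot: in hunks @@ -1922,12 +1943,12 @@ and @@ -18039,10 +18060,10 @@, the new "TODO: check" entries (CVE-2017-18091/18090/18089 for Atlassian Fisheye and Crucible; CVE-2018-0516/0515 for the FLET'S Windows tools) sit next to context lines where closely related products are already marked "NOT-FOR-US: Atlassian Bitbucket Server" and "NOT-FOR-US: Anshin net security for Windows"; apply the same treatment after a quick archive check so the TODO backlog does not accumulate entries for software Debian does not ship.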
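Review bot: in hunk @@ -67091,7 +67112,7 @@, the removed and added NOTE lines for CVE-2017-0916 carry the identical GitLab commit URL, so the only difference is whitespace (indentation or a trailing space); this is harmless, but it is worth knowing the diff is cosmetic so nobody re-reads the gitlab-ce commit reference expecting a content change. Both CVE-2017-0916 and CVE-2017-0915 remain "gitlab <unfixed> (bug #888508)" and are unaffected by this update.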
_______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits